Request a Demo
Rewterz
Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
June 2, 2021
Rewterz
Rewterz Threat Alert – Remcos RAT – Active IOCs
June 2, 2021

Rewterz Threat Advisory – CVE-2021-1397 – Cisco Integrated Management Controller Open Redirect Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-1397

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

Impact

  • Unauthorized Access
  • Information Disclosure

Affected Vendors

Cisco

Affected Products

  • 5000 Series Enterprise Network Compute System ( ENCS) releases 4.4.2
  • UCS E-Series Blade Servers releases 3.2(11.5) and earlier
  • UCS Manager Software releases 4.1(3b) and earlier
  • UCS S-Series Servers in standalone mode releases 4.0(2o) and earlier

Remediation

Refer to Cisco advisory for the complete list of affected products and their respective patches.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2